AWS Management Tools Blog

Tag: AWS CloudFormation

Building an AWS CloudFormation custom resource to manage StackSets

In this blog post I’d like to share an AWS CloudFormation custom resource I’ve written that allows you to deploy StackSets from within a CloudFormation template. You can use StackSets to deploy and manage CloudFormation stacks in multiple accounts and multiple AWS Regions from a central location using a single template and set of operations.

Read More

AWS CloudFormation: 2017 in Review

In 2017, over 350,000 AWS customers used AWS CloudFormation to manage resources collected across 2.4M stacks. We added coverage for 14 new services and several new features. In this post, I’d like to look back at some features and new content that CloudFormation introduced in 2017, including: New AWS resources that you can provision with […]

Read More

Analyzing Bitcoin Data: AWS CloudFormation Support for AWS Glue

The AWS CloudFormation team has been busy in the last couple of months, adding support for new resource types for recently released AWS services. In this post, I take a deep dive into using AWS Glue with CloudFormation. About AWS Glue AWS Glue was first announced at re:Invent in 2016, and was made generally available […]

Read More

AWS CloudFormation Update: AWS Guard Duty, Amazon Inspector, and Service Discovery, plus 40 resource updates

AWS CloudFormation recently added support for these recently released AWS services: AWS Guard Duty is an automated threat-detection service that can be quickly enabled, does not require agents to be installed, and monitors unusual account usage using sources like AWS CloudTrail logs, DNS logs, and other sources. With the new AWS CloudFormation resource support, you […]

Read More

Control AWS resources available to your users using AWS Service Catalog

The grant least privilege best practice advises you to grant only the permissions that are required to perform a task. To follow this best practice you should determine what your users need to do and then design IAM policies that let users perform only those tasks. AWS Service Catalog extends the very same best practice. If you […]

Read More

Integrating AWS CloudFormation with AWS Systems Manager Parameter Store

AWS CloudFormation has always allowed you to customize your templates by using parameters for runtime input values. Parameters make your template code dynamically configurable, improving the reusability of your code. Previously, the only ways you could specify values for these parameters were to pass the plaintext values as arguments to the CloudFormation API, or hard […]

Read More

Tracking AWS Service Catalog products provisioned by individual SAML users

To manage access to the AWS Cloud, many companies prefer Enterprise Federation over AWS Identity and Access Management (IAM) users. Identity federation provides single sign-on (SSO) to access AWS accounts using credentials from the corporate directory. This method of accessing AWS allows companies to utilize their existing identity solutions, such as Active Directory (AD) or […]

Read More

Automating IAM Roles For Cross-Account Access Series Overview

The AWS Partner Network Blog has recently published a series describing a method to automate the creation of an IAM role for cross-account access, and how to collect the information needed for a partner to assume the role after creation. This post gives readers an overview of the series, summarizing each of the individual posts […]

Read More

How to Export EC2 Instance Execution Logs to an S3 Bucket Using CloudWatch Logs, Lambda, and CloudFormation

“We want to get execution logs from our EC2 instances into S3,” my customer said. “Then we can store them and process them later, for optimization, audit, and security review, and so on. We’d like to do it in our CloudFormation stacks, as that’s our execution standard. Can you help us?” This blog post shows […]

Read More

The Virtues of YAML CloudFormation and Using CloudFormation Designer to Convert JSON to YAML

AWS CloudFormation provides the framework to define infrastructure-as-code in AWS and, until last year, this could only be written in JSON. However, in 2016, AWS added YAML 1.1 support for CloudFormation. Let’s take a look at some of the advantages of using YAML over JSON, as well as how to overcome some of the challenges […]

Read More